hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-29 06:12:58 +01:00
Code Issues Packages Projects Releases Wiki Activity
34,334 Commits 1,684 Branches 159 Tags
28fa49dcd64ac09311481de47bc5aac265bee738
Commit Graph

152 Commits

Author SHA1 Message Date
Chris Smowton
28fa49dcd6 dataflow -> data-flow 2022-04-01 13:22:58 +01:00
Chris Smowton
3b0bd3bc0f Improve wording 2022-04-01 11:31:31 +01:00
Chris Smowton
99026a6071 Improve wording of isAdditionalFlow/TaintStep qldoc 2022-04-01 11:07:27 +01:00
yoff
47e062cfb9 Merge pull request #8486 from aibaars/incomplete-hostname-python 
Python: switch to shared implementation of IncompleteHostnameRegExp.ql
 2022-03-22 15:06:14 +01:00
Rasmus Wriedt Larsen
6bd9d82610 Merge pull request #8061 from RasmusWL/orm 
Python: Add data-flow through Django ORM models
 2022-03-22 11:14:08 +01:00
Rasmus Wriedt Larsen
758a81cc0f Python: Remove import of Concepts in DataFlowPrivate 
As discussed in PR review
 2022-03-21 16:22:15 +01:00
Arthur Baars
79cd7bf8ed Python: create semmle/python/dataflow/new/Regex.qll 2022-03-21 15:57:19 +01:00
Tom Hvitved
79ea2a3a9c Data flow: Sync files 2022-03-17 14:03:58 +01:00
Jeroen Ketema
7a9a9d833a Merge pull request #8435 from jketema/all-the-barriers 
Add flow state versions of isBarrierIn, isBarrierOut, and isBarrierGuard
 2022-03-16 15:50:19 +01:00
Rasmus Wriedt Larsen
ae1ba11d57 Merge branch 'main' into orm 2022-03-16 11:23:14 +01:00
Jeroen Ketema
157a36bc4f Use node variable in all disjuncts 2022-03-15 11:55:35 +01:00
Jeroen Ketema
9a0e94f389 Add flow state versions of isBarrierIn, isBarrierOut, and isBarrierGuard 2022-03-15 11:55:34 +01:00
Erik Krogh Kristensen
c7509c4dd3 Merge branch 'main' into deadCode 2022-03-15 09:19:14 +01:00
Jonas Jensen
d89c52f4b0 Merge pull request #8403 from erik-krogh/noUpper 
Rename all upper-case variables, and all lower-case modules
 2022-03-15 09:00:37 +01:00
Erik Krogh Kristensen
3bf5e06d53 delete all dead code 2022-03-14 13:03:31 +01:00
Jeroen Ketema
4c2081b7fc Merge pull request #8401 from jketema/taint-flow 
Extend taint tracking interface with flow states
 2022-03-14 12:06:10 +01:00
Erik Krogh Kristensen
02127b40cd PY: fix all ql/no-upper-case-variables 2022-03-14 11:50:48 +01:00
Jeroen Ketema
cd28f09ae0 Extend taint tracking interface with flow states 2022-03-11 11:50:35 +01:00
Erik Krogh Kristensen
ddf93b555e PY: fix some ql/non-doc-block warnings 2022-03-11 11:02:58 +01:00
Erik Krogh Kristensen
a96223c9c1 PY: remove leftover comments 2022-03-10 10:25:03 +01:00
Erik Krogh Kristensen
309e376c6d PY: convert test to not use deleted deprecations 2022-03-09 18:28:12 +01:00
Erik Krogh Kristensen
e721094182 Python: remove old deprecation that was recently updated by an automated patch of mine 2022-03-09 18:28:11 +01:00
Erik Krogh Kristensen
a86f0afb3c delete all deprecations that are over 14 months old 2022-03-09 18:28:07 +01:00
Taus
7b877fb317 Merge pull request #8336 from tausbn/python-fix-a-bunch-of-ql-warnings 
Python: Fix a bunch of QL warnings
 2022-03-09 16:31:28 +01:00
Taus
063a8bbc43 Python: Apply suggestions from code review 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2022-03-08 15:20:35 +01:00
Taus
d2603884ca Python: Fix a bunch of class QLDoc 2022-03-07 18:59:49 +00:00
Taus
af7f532212 Python: Fix up a bunch of function QLDoc 2022-03-07 18:59:49 +00:00
Taus
74f0bdfc79 Python: Fix "unused disjunct" warnings 
For the most part, these boil down to "some global property holds, and
so this relation contains all instances of class `X`". The fix is to
explicitly build the cartesian product (which we were already building
implicitly anyway) by adding `and exists(var)` to the disjunct that did
not mention `var`.

Note that these cartesian products are always with singletons on one
side, and so should be unproblematic.
 2022-03-04 12:14:57 +00:00
Tom Hvitved
9d6d479fba Add missing QL doc 2022-03-03 14:17:41 +01:00
Tom Hvitved
ba6ff88d05 Sync files 2022-03-03 12:30:50 +01:00
Rasmus Wriedt Larsen
98c60a706e Python: Autoformat 
Oops
 2022-03-01 11:54:09 +01:00
Rasmus Wriedt Larsen
e32f8d98b0 Python: Always import ORM steps for data-flow 
For C#, see
fdd787b89c/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowPrivate.qll (L16)

that import EntityFramework, which is ORM library.
 2022-03-01 11:32:36 +01:00
Rasmus Wriedt Larsen
ef39968a56 Python: ORM: Add data-flow plumbing for ORM modeling 
The idea is that we will do `save ==> synthetic`
and `synthetic ==> load`, so we don't need to do CP between save/load.

This setup with synthetic node in the middle, also allows for a limited
amount of the field-flow we can do with real flow-summary support.
 2022-02-28 16:38:40 +01:00
yoff
d953382df9 Merge pull request #7807 from RasmusWL/dataflow-improvements 
Python: Dataflow improvements
 2022-02-28 16:24:00 +01:00
yoff
8b926f6859 Merge pull request #7873 from RasmusWL/fix-attribute-taint 
Python: Fix attribute taint
 2022-02-25 15:02:24 +01:00
Rasmus Wriedt Larsen
d2cd77aefb Merge branch 'main' into dataflow-improvements 2022-02-21 14:49:40 +01:00
Rasmus Wriedt Larsen
67ca14876a Python: Apply suggestions from code review 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2022-02-18 13:47:07 +01:00
Rasmus Wriedt Larsen
62702d0ca9 Python: Fix setStoreStep to use SetElementContent 2022-02-07 13:18:36 +01:00
Rasmus Wriedt Larsen
b276b2d48c Python: Clean up taint steps for attributes 2022-02-07 13:12:31 +01:00
Rasmus Wriedt Larsen
b2ce0fcb72 Python: Add post-update nodes to args of unresolved calls 
Besides solving the problem with `setattr`, it also solved some old
problems with json library modeling (yay).
 2022-02-04 11:51:53 +01:00
Rasmus Wriedt Larsen
5cd08b8e8c Python: Ignore .isAbsent() from ClassCall 
This means that DataFlowCall is only for resolvable calls, which might not seem
like a big thing in itself, but enables the next commit to actually work :P
 2022-02-03 14:58:30 +01:00
Rasmus Wriedt Larsen
48aa07d67a Python: Handle SyntheticPreUpdateNode in PrintNode 2022-02-03 14:58:30 +01:00
Rasmus Wriedt Larsen
49b5d60229 Python: Use AttrRead/AttrWrite for attr read/store steps 
Note that this doesn't actually add the desired flow from setattr, due
to missing post-update note. This will be fixed in later commit.
 2022-02-03 14:58:30 +01:00
Rasmus Wriedt Larsen
5774459dfb Python: restrict AttrRead with AttrNode.isLoad() 2022-02-03 14:58:23 +01:00
Tom Hvitved
6bb71f051b Merge pull request #7791 from hvitved/dataflow/inline-local-flow-star 
Data flow: Inline `local(Expr|Instruction)?(Flow|Taint)`
 2022-02-03 09:02:43 +01:00
Arthur Baars
33b97f3e0c Update synchronized files 2022-02-02 13:30:45 +01:00
Rasmus Wriedt Larsen
51bc6dcf7e Python: Add attributeClearStep 2022-02-02 11:19:35 +01:00
Tom Hvitved
f2352d8272 Data flow: Inline local(Expr|Instruction)?(Flow|Taint) 
Computing a full transitive closure is often bad; by inlining all calls we are
providing more context to the QL optimizer.
 2022-01-31 14:33:41 +01:00
yoff
74d57bbb1a Update python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPrivate.qll 
Co-authored-by: Taus <tausbn@github.com>
 2022-01-28 11:38:29 +01:00
Rasmus Lerchedahl Petersen
b93c04bb79 python: Add reverse flow in some patterns 
Particularly in value and literal patterns.
This is getting a little bit into the guards aspect of matching.
We could similarly add reverse flow in terms of
sub-patterns storing to a sequence pattern,
a flow step from alternatives to an-or-pattern, etc..
It does not seem too likely that sources are embedded in patterns
to begin with, but for secrets perhaps?

It is illustrated by the literal test. The value test still fails.
I believe we miss flow in general from the static attribute.
 2022-01-27 15:20:23 +01:00